General
-
Target
c6f1d086b0efdd127c9f66422df62a9dd6730a4d6ff33dc7d6246f0ba420cc06
-
Size
842KB
-
Sample
221202-wkajpaae62
-
MD5
db846fc767bbc92ff7d3eac3b66a5198
-
SHA1
98206308068bd214ea4a0154e37cc5327c3fcdf0
-
SHA256
c6f1d086b0efdd127c9f66422df62a9dd6730a4d6ff33dc7d6246f0ba420cc06
-
SHA512
55528a8e6e4495d2844bad5b21fbdb46d79e949ee11938ceae263197a5cc4a34744da1c4374089fe364c447d9b07dfbce4f96df1463e4f6fa20a7bd7244bf63e
-
SSDEEP
24576:h04aY7IxRCHL7WW33V6ivu6+JuQPoqhxqjmZse:h8cIHyL6ViW6yoq7qjmie
Static task
static1
Behavioral task
behavioral1
Sample
c6f1d086b0efdd127c9f66422df62a9dd6730a4d6ff33dc7d6246f0ba420cc06.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
c6f1d086b0efdd127c9f66422df62a9dd6730a4d6ff33dc7d6246f0ba420cc06.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
darkcomet
BotNet
psychozerker.no-ip.biz:1604
DC_MUTEX-EJJAAGS
-
InstallPath
MSDCSC\msdcsc.exe
-
gencode
pq0xoo1jfSUP
-
install
true
-
offline_keylogger
true
-
persistence
true
-
reg_key
MicroUpdate
Targets
-
Target
c6f1d086b0efdd127c9f66422df62a9dd6730a4d6ff33dc7d6246f0ba420cc06
-
Score
10/10
-
Modifies WinLogon for persistence
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-